Restricting Samba access on SuSE 10.1 to one IP

By jeltsch on Mon, 08/14/2006 - 19:54

When you allow Samba access to your SuSE 10.1 machine by using the YaST firewall setup tool, three changes are made to /etc/sysconfig/SuSEfirewall2:

FW_SERVICES_EXT_TCP="" is changed into FW_SERVICES_EXT_TCP="microsoft-ds netbios-ssn"
FW_SERVICES_EXT_UDP="" is changed into FW_SERVICES_EXT_UDP="netbios-dgm netbios-ns"
FW_ALLOW_FW_BROADCAST_EXT="" is changed into FW_ALLOW_FW_BROADCAST_EXT="netbios-ns netbios-dgm"

The respective portnumbers for the serveices are:

microsoft-ds tcp 445
netbios-ssn tcp 139
netbios-dgm udp 138
netbios-ns udp 137

You should not use YaST to set up the firewall. Remove the Samba entry using YaST and open the file /etc/sysconfig/SuSEfirewall2. Change FW_SERVICES_ACCEPT_EXT="" into FW_SERVICES_ACCEPT_EXT="128.214.202.41,tcp,445 128.214.202.41,tcp,139 128.214.202.41,udp,138 128.214.202.41,udp,137" and restart the firewall. Browsing might not work though...

Search form

You are here

Restricting Samba access on SuSE 10.1 to one IP

__________